Owners of Android phones have been warned to beware of powerful malware being spread by text message which can wipe handsets and read text messages. The Mazar malware is downloaded when users click on an innocuous-looking link designed to look like a multimedia message.
When selected, it installs software that enables anonymous internet connections to the phone and gives those who connect to it administrator rights. This would allow them to read text messages, monitor the phone's use, make calls or wipe handsets entirely.
Danish internet security firm Heimdal Security estimates the malicious text messages have been received by at least 100,000 Android phones in Denmark alone.They said the full extent of the spread of the malicious software in other parts of the world is still not known.
However, they added that the malware will not install on phones where the language setting is set to Russian, perhaps providing clues as to its origin. It will also only work on phones where a default setting that prevents software from untrusted sources being installed has been unchecked.
Andra Zaharia, a security specialist at Heimdal, said in a blog post: 'This specific mobile malware opens the doors to all kinds of malicious consequences for the victim.
'Attackers can open a backdoor into Android smartphones, to monitor and control them as they please and use their full access to Android phones to basically manipulate the device to do whatever they want.'
Among the actions the malware allows the attackers to do is to send SMS messages to premium channel numbers, increasing the victim's phone bill. They can also read SMS messages, which Miss Zaharia warns also allows them to read the authentication codes sent by online banking apps and e-commerce websites.
Elsehwere, the Mazar BOT allows cybercriminals to interpose themselves between the victim's phone and a web-based service so they can see all information sent over the internet.
0 comments: